14 Replies Latest reply on Oct 1, 2011 4:27 PM by kevin_arw

    EEPC 6.1 encrypt options

      Hi,

       

      I have some questions about the encrypt option in the product setting policy of EEPC 6.1. We want to encrypt all partitions of the notebook's local disk - and that's all. In v5.x.x it was possible to select the drive letters you wanted to encrypt, but now I can only choose between all disks, only boot and all disks except boot.

      So what exactly is encrypted when I choose all disks? All logical partitions or EVERY disk that is found, including maybe external USB or e-SATA devices?

      And how about the only boot option? Does that refer only to the boot partition or the physical boot drive, and what effect does the "use windows system drive as boot drive" option have on that? Is it right that if only boot is selected, under Windows 7 only the hidden boot partition is encrypted?

       

      eepc version: 6.1.0

      epo version: 4.5.4

      client operating systems: windows xp, windows 7

       

      Thanks in advance!

        • 1. Re: EEPC 6.1 encrypt options
          georgec

          From what I know it encrypts only internal disks. Removable storage is ignored. As for e-sata, the OS sees it as an internal disk so it might get encrypted also.

          Please see this:

          https://kc.mcafee.com/corporate/index?page=content&id=KB69422&cat=CORP_ENDPOINT_ENCRYPTION_FOR_PC_5_2_6_&actp=LIST

           

          It encrypts partitions, not disks, when you use the option to encrypt the boot disk and exclude all other.

           

           

          George

          • 2. Re: EEPC 6.1 encrypt options

            Yes, it does a lot of work to identify what's internal and what's external. As George says though, the OS is pretty vague regarding what's eSata and what's SATA, so at the moment unless the drive is clearly marked as removable in Windows, EEPC will consider it encryptable.

             

            External USB drives are always detected as removable (and thus not encrypted) - it's only eSATA which is a problem at this time.

            • 3. Re: EEPC 6.1 encrypt options

              Thanks, you helped me a lot so far!

               

              But that means the same problem exists for some "normal" SATA drives that are connected via USB, because these devices are sometimes also identified as non-removable devices, right?

               

              Is there any possibility to exclude all other partitions or disks from encryption other than C: and the Windows 7 boot partition?

               

              Message edited by drx_gt on 21.04.11 08:05:15 CDT
              • 4. Re: EEPC 6.1 encrypt options

                By default, the product assumes that whatever the OS enumerates as disk 0 is the boot disk. Sometimes, this is an incorrect assumption. I have seen this in the field if users take out their CD-ROM drive and replace it with a hard drive. For some reason, Windows usually treats these as disk 0 which causes us problems. So if you check the "use Windows system drive as boot drive" option, we will switch our logic. Instead of assuming that disk 0 is the boot disk, we will look for Windows OS files and then assume that is the boot disk.

                 

                As for the hidden boot partition in Windows 7, I'm not sure what will happen. I think we would not encrypt it since the OS cannot see it; this is, for example, how we treat linux partitions on dual boot systems. But the behavior might be different if it is formatted with a Windows readable file system. It would be very helpful if you could test this and report your findings here!

                • 5. Re: EEPC 6.1 encrypt options

                  No, there's no option to exclude drives - the choices are the ones you see in the list. None, all drives, boot drive only.

                   

                  The main reason people use EEPC is to comply with data protection regulations, which insist that you have to disclose the loss of control of any personal data. There's no difference in the eyes of the law between a usb drive, a laptop, a dvd or an eSata drive - so, this product (to solve this problem) will try to protect as much data as possible.

                   

                  If you need drive-by-drive selection, you can continue using EEPC5 which has this feature, or submit a feature request to your McAfee Platinum Support person to have this added in v6.x in the future.

                   

                  At the moment though, there's no way to make a distinction in EEPC6.0 or 6.1

                  • 6. Re: EEPC 6.1 encrypt options

                    Thanks for that information, I just want to make sure that I don't leave out any possibility concerning this matter.

                     

                    So I did a first test with two equal notebooks.

                     

                    The first one was ok, "use windows system drive as boot drive" option was unchecked and only the win7 boot partition was encrypted.

                    The second one didn't encrypt the c-partition either, although the option was checked for this one.

                     

                    DLarson said that EEPC assumes whatever is numbered as disk 0 by the OS is the boot disk.

                    Is there any known problem or reason why the system partition of the second client stayed unencrypted, or did I get that wrong and it is meant to work that way?

                    • 7. Re: EEPC 6.1 encrypt options

                      So are you saying that only the Windows 7 boot partition was encrypted if you enabled the option and when you disabled the option? I think that would be the expected behavior since that hidden partition is your boot disk.

                       

                      You could also look in disk manager and see if it marks that Windows 7 boot partition as disk 0.

                      • 8. Re: EEPC 6.1 encrypt options

                        Both of them, the boot partition and the system partition (C), are on disk 0; that's why I'm wondering why the system partition isn't encrypted when the option is enabled.

                        • 9. Re: EEPC 6.1 encrypt options

                          It's not so important what the disk number is, it's whether it's the boot partition or not. If you want all partitions encrypted, you need to select that option - anything else limits the number of (fixed disk) partitions that EEPC will try to protect.

                          Finally, it only protects things visible within windows that have a drive letter - so anything else will be skipped. No GPT disks, no hard-linked partitions. It MUST be a basic disk with a drive letter to be supported.
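
An inventory script for the criteria raised across this thread (disk number, fixed versus removable, boot partition, drive letter, GPT or dynamic layout), added here as an example and not part of any post or of McAfee's tooling. It only reports what Windows exposes through WMI on a client before a policy is assigned; it does not reproduce EEPC's own selection logic, and the column names are chosen for this example.

```powershell
# Added example: list every partition with the properties discussed in the thread.
# Uses only WMI classes present on Windows XP and Windows 7 (PowerShell 2.0).
$systemDrive = $env:SystemDrive   # drive letter holding the Windows OS files, e.g. "C:"

$report = foreach ($disk in Get-WmiObject Win32_DiskDrive | Sort-Object Index) {
    $parts = Get-WmiObject Win32_DiskPartition -Filter "DiskIndex=$($disk.Index)" |
             Sort-Object Index
    foreach ($part in $parts) {
        # Resolve the drive letters (if any) mapped onto this partition.
        $query = "ASSOCIATORS OF {Win32_DiskPartition.DeviceID='$($part.DeviceID)'} " +
                 "WHERE AssocClass=Win32_LogicalDiskToPartition"
        $letters = @(Get-WmiObject -Query $query | ForEach-Object { $_.DeviceID })

        # Partition type strings as reported by WMI: GPT partitions start with "GPT",
        # dynamic disks show up as "Logical Disk Manager".
        if     ($part.Type -like 'GPT*')               { $layout = 'GPT' }
        elseif ($part.Type -eq 'Logical Disk Manager') { $layout = 'Dynamic' }
        else                                           { $layout = 'Basic MBR' }

        # Points worth checking by hand before assigning an encryption policy.
        $notes = @()
        if ($letters.Count -eq 0)     { $notes += 'no drive letter' }
        if ($layout -ne 'Basic MBR')  { $notes += "$layout layout" }
        if (@('USB', '1394') -contains $disk.InterfaceType -and
            $disk.MediaType -like 'Fixed*') {
            $notes += 'external bus but reported as fixed'
        }
        # eSATA cannot be told apart from internal SATA here: both report IDE/SCSI.

        New-Object PSObject -Property @{
            Disk          = $disk.Index
            Model         = $disk.Model
            Bus           = $disk.InterfaceType
            MediaType     = $disk.MediaType
            Partition     = $part.Index
            BootPartition = $part.BootPartition   # WMI flag: computer can boot from it
            Letters       = ($letters -join ',')
            SystemDrive   = ($letters -contains $systemDrive)
            Review        = ($notes -join '; ')
        }
    }
}

$report |
    Select-Object Disk, Model, Bus, MediaType, Partition, BootPartition,
                  Letters, SystemDrive, Review |
    Format-Table -AutoSize
```

Run it in an elevated PowerShell session on a representative client with any docking-station, eSATA or USB-attached drives connected, so that disks Windows reports as fixed show up in the list.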
